Sneaker's Stub – The Grey Stuff!

OVERTHEWIRE NATAS SERIES: 23 – 24 LEVEL Walkthrough

Overthewire natas level 23 – 24 is also based on PHP GET request parameter tampering. We have to carry out the injection in such a way that it fits both the conditions of the code.

The code for this level is here:

The two conditions to be fulfilled are:
1. passwd parameter should contain the string “iloveyou” –> strstr($_REQUEST[“passwd”],”iloveyou”)
2. passwd parameter should also contain word length greater than 10.

So after tried this:++++++fkjafhajdfiloveyouIt doesn’t work.
So I tried this now:++++++++++++8456123iloveyou
With numbers it works!

Once we send this request in passwd, we will get the credentials for the next level!